Palo Alto Networks PCSAE Practice Test
Palo Alto Networks Certified Security Automation Engineer
Last exam update: Dec 14, 2024
Question 1
Which three statements are true about the Marketplace? (Choose three.)
A. Allows reverting back to a previous version of a content pack
B. Enables users to participate in the community by sharing content
C. Publishes content without additional review from the Cortex XSOAR team
D. Allows uploading of content in additional languages
E. Offers granularity in installation through content packs
Question 2
In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)
A. Inputs and outputs
B. Through integration context
C. Automatically extracted by sub-playbooks
D. From context data, if context is shared globally
Question 3
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A. Python
B. Perl
C. Go
D. JavaScript
E. PowerShell
Answer: A D E
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html
Question 4
An engineer's organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate User indicator automatically once a system is found. What is the most efficient way for the engineer to achieve this?
A. Create a custom indicator field named ‘username’ and link it to the internal system indicator
B. Change the reputation command for the internal system indicator type
C. Create a new indicator type of the internal username and set a formatting script to extract only the username
D. Create a new indicator type of the internal username and have the regex included on any string that has a dash at the beginning
Answer: B
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/indicator-types/indicator-type-profile
Question 5
An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?
A. The new job form changes based on the threat intel feed integration configuration
B. The new job form can be edited from the Indicator Feed incident type editor
C. The new job form for a threat intel feed job cannot be edited
D. The new job form can be edited from the threat intel feeds integration settings
Answer: B
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/create-a-feed-based-job.html
Question 6
Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)
A. Use a field of Number to count the number of seconds elapsed between two tasks
B. After the playbook has run, calculate the total time taken and set the timer field with this value
C. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer
D. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on
Question 7
Which three actions can an engineer take on the troubleshooting page? (Choose three.)
A. Download the debug log bundle
B. Put the XSOAR server in maintenance mode
C. View and modify server configuration settings
D. Export and import custom content
E. View a list of server administrators
Question 8
Which two statements accurately describe layouts? (Choose two.)
A. Layouts override classification and mapping
B. New tabs can be added to the incident layout
C. Layouts can display incident information and custom fields
D. Layouts add or remove custom fields from an incident type
Question 9
What are two common use cases for conditional tasks? (Choose two.)
A. They are used for branching paths in a playbook
B. They are used to interact with users through survey functionality
C. They are used to determine which incident will be executed
D. They are used for sending a specific question to a person or team
Answer: A C
Explanation: Reference: https://docs-new.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/use-cases.html#id7b31e50b-5aca-4d65-bdb5-ba61b4eac0b4
Question 10
An engineer would like to change an incident's SLA according to the severity field changes. How can the engineer achieve this task?
A. Use a field trigger script
B. Use a field display script
C. Create a job that queries for incident severity changes
D. Change the SLA manually every time the severity changes
Answer: B
Explanation: Reference: https://xsoar.pan.dev/docs/incidents/incident-fields
Question 11
By default, which components does an XSOAR implementation include?
A. XSOAR server, XSOAR engine
B. Application server, distributed DB server
C. Application server, distributed DB server, Backup server
D. All in one server
Answer: B
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/installation/install-demisto-on-a-physical-or-virtual-server.html
Question 12
DRAG DROP Arrange these steps in the order that they occur during an incident fetch. Select and Place:
Answer:
Question 13
In which two options can an automation script be executed? (Choose two.)
A. Engine
B. Integration
C. War room
D. Playbook
Answer: C D
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html
Question 14
By default, automation written in which language will be executed in a Docker container?
A. Python
B. Go
C. JavaScript
D. Perl
Question 15
What can be used as integration parameters?
A. URL, API key, port
B. URL, certificate, image
C. Token, query, playbook
D. User-password, csv file, query